Entity authentication methods adopting an asymmetric cryptographic technique are categorized into two kinds: unilateral authentication and mutual authentication. Uniqueness or timeliness of authentication is controlled by time variant parameters such as timestamps, sequence numbers, and random numbers. If timestamps or sequence numbers are used as time variant parameters, unilateral authentication can be completed by one pass authentication, and mutual authentication between entities can be completed by two pass authentication; if random numbers are used as time variant parameters, unilateral authentication can be completed by two pass authentication, and mutual authentication can be completed by three pass authentication or four pass authentication (i.e., two parallel two pass authentications).
Before or during operation of any authentication mechanism, a verifier shall be provided with a public key of a claimant; otherwise the authentication might be endangered or fail. A three pass mutual authentication is described here as an example.
Referring to FIG. 1, an authentication entity A transmits a token TokenAB=RA∥RB∥B∥Text3∥sSA(RA∥RB∥B∥Text2) to an authentication entity B, and the authentication entity B transmits a token TokenBA=RB∥RA∥A∥Text5∥sSB(RB∥RA∥A∥Text4) to the authentication entity A, where X denotes an authentication entity distinguishing identifier, and the authentication system includes the two authentication entities A and B; CertX denotes a certificate of an entity X; sSX denotes a signature of the entity X; RX denotes a random number generated by the entity X; and Text denotes an optional text field.
A process of operating the three pass authentication mechanism is described in detail below:
1) The entity B transmits a random number RB and an optional text field Text1 to the entity A;
2) The entity A transmits a token TokenAB and an optional certificate field CertA to the entity B;
3) The entity B performs the following steps upon reception of the message transmitted from the entity A:
3.1) Ensuring that it obtains a valid public key of the entity A, either by verifying the certificate of the entity A or by some other means; and
3.2) After obtaining the public key of the entity A, verifying the signature of the entity A contained in the token TokenAB in the step 2), checking the correctness of the distinguishing identifier B, and checking that the random number RB transmitted in step 1) is consistent with the random number RB contained in the token TokenAB received in the step 2), and the entity A is therefore authenticated by the entity B;
4) The entity B transmits a token TokenBA and an optional certificate field CertB to the entity A; and
5) The entity A performs the following steps upon reception of the message including TokenBA transmitted from the entity B:
5.1) Ensuring that it obtains a valid public key of the entity B, either by verifying the certificate of the entity B or by some other means; and
5.2) After obtaining the valid public key of the entity B, verifying the signature of the entity B contained in the token TokenBA in the step 4), checking the correctness of the distinguishing identifier A, and checking that the random number RA transmitted in the step 2) is consistent with the random number RA contained in the token TokenBA received in the step 4) and that the random number RB received in the step 1) is consistent with the random number RB contained in the token TokenBA received in the step 4), and the entity B is therefore authenticated by the entity A.
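The five steps above, as an added Python example that is not part of the original text: both sides build and check their tokens, and the verifier rejects a replayed token, a token addressed to another entity, and a token checked against the wrong public key. Assumptions: toy textbook RSA over fixed Mersenne primes stands in for sSX (not secure), the optional Text and Cert fields are left empty, and the length-prefixed encoding and all function names are hypothetical.

```python
import hashlib, secrets

# Toy textbook RSA over fixed Mersenne primes: a stand-in for sSX, NOT secure.
def keygen(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    return pow(_digest(msg, priv[0]), priv[1], priv[0])

def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == _digest(msg, pub[0])

def enc(*fields):
    # Length-prefixed encoding (assumption) so the page's "||" is unambiguous.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def make_token(priv, r_own, r_peer, peer_id):
    # Token = R_own || R_peer || peer_id || sS(R_own || R_peer || peer_id)
    return {"r_own": r_own, "r_peer": r_peer, "id": peer_id,
            "sig": sign(priv, enc(r_own, r_peer, peer_id))}

def check_token(pub, tok, my_id, my_nonce, peer_nonce=None):
    # Steps 3.2 / 5.2: signature, then identifier, then nonce consistency.
    if not verify(pub, enc(tok["r_own"], tok["r_peer"], tok["id"]), tok["sig"]):
        return "bad signature"
    if tok["id"] != my_id:
        return "wrong identifier"
    if tok["r_peer"] != my_nonce:
        return "nonce mismatch"
    if peer_nonce is not None and tok["r_own"] != peer_nonce:
        return "nonce mismatch"
    return "ok"

# Constructed key pairs; each verifier is assumed to already hold the peer's
# valid public key (steps 3.1 and 5.1).
PUB_A, PRIV_A = keygen(2**61 - 1, 2**89 - 1)
PUB_B, PRIV_B = keygen(2**107 - 1, 2**127 - 1)

def handshake():
    r_b = secrets.token_bytes(16)                            # step 1: B -> A
    r_a = secrets.token_bytes(16)
    token_ab = make_token(PRIV_A, r_a, r_b, b"B")            # step 2: A -> B
    b_result = check_token(PUB_A, token_ab, b"B", r_b)       # step 3
    token_ba = make_token(PRIV_B, r_b, r_a, b"A")            # step 4: B -> A
    a_result = check_token(PUB_B, token_ba, b"A", r_a, r_b)  # step 5
    return b_result, a_result, token_ab
```
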
As is apparent, successful operation of the three pass authentication mechanism is guaranteed only under the condition that the entity A and the entity B each possess the valid public key of the other, but the protocol does not address how the valid public keys are obtained or how their validity is established. However, this condition cannot be satisfied in many application scenarios at present. For example, a user access control function is typically realized by the entity authentication mechanism over a communication network, and thus access of a user to the network is prohibited before a successful operation of the authentication mechanism; consequently it is impossible or difficult for the user to access a certificate authority, and even impossible to obtain the public key of the opposite entity, i.e., a network access point, and the validity thereof prior to the authentication.
At present, mutual authentication typically has to be performed between the user and the network access point over the communication network to guarantee that the user accessing the network is legal. Thus, if a network entity does not need to know the valid public key of the opposite entity in advance, and the public key of the opposite entity is instead checked during authentication, then the traditional entity authentication mechanisms can both be improved and gain good feasibility and ease of use in practical applications. Moreover, in any of the foregoing authentication mechanisms, a device where an authentication entity resides has to perform the entire authentication protocol each time it is associated with a different device, which may raise the issue of whether a demand for rapid handoff can be satisfied over the communication network; and each authentication entity has to be configured with a pair of public and private keys, which may significantly complicate the management of public keys for a large network. Therefore, the protocol has to be designed to reduce the complexity of network management as much as possible while guaranteeing the authentication function, so as to satisfy the demand for rapid handoff.